Network security is not simply about building impenetrable walls — determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.

In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.

You'll learn how to:

Determine where to deploy NSM platforms, and size them for the monitored networks

Deploy stand-alone or distributed NSM installations

Use command line and graphical packet analysis tools, and NSM consoles

There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive
data shouldn't be.

Author Bio

Richard Bejtlich is Chief Security Strategist at FireEye, and was formerly Chief Security Officer at Mandiant. He also served as Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He is a graduate of Harvard University and the United States Air Force Academy. His previous works include The Tao of Network Security Monitoring, Extrusion Detection, and Real Digital Forensics (all from Addison-Wesley). He blogs (taosecurity.blogspot.com) and writes on Twitter as @taosecurity.

"A comprehensive guide. Certain to make the reader a better information security practitioner, and their network more secure."
—Ben Rothke, Slashdot (Read More)

"If you are in cyber security, this is a must read. The book is the best resource for tools I have seen anywhere."
—Stephen Northcutt, SANS Institute (Read More)

"A very well written technical book. I would recommend this for anyone getting into the field of incident response who doesn't have a great understanding of NSM."
—Greg Hetrick, PaulDotCom (Read More)

"Deploying NSM not only means you can quickly identify, contain, and remediate intrusions, it gives you insight into the network as a whole."
—Michael W. Lucas, author of Absolute OpenBSD, 2nd Edition (Read More)

"The Practice of Network Security Monitoring: the best surveillance book you'll read anytime soon."
—Peter N. M. Hansteen, author of The Book of PF (Read More)

"This gem from No Starch Press covers the life-cycle of Network Security Monitoring (NSM) in great detail and leans on Security Onion as its backbone. I recommend an immediate download of the latest version of Security Onion and a swift purchase of Richard’s book."
—Russ McRee, senior security analyst, Microsoft (Read More)

"The principles Bejtlich outlines for running your security monitoring are the kind of best practice you should apply to any important server."
—Mary Branscombe, ZDNet (Read More)

"If you want to know what to do when intruders arrive on your network and how to best prepare for that eventuality, you must read this book."
—Sandra Henry-Stocker, ITWorld (Read More)

"Bejtlich is a master of his craft and also possesses the rare gift of being able to share his knowledge in a comprehensible way."
—Richard Austin, IEEE Cipher (Read More)

Page 48:
The middle of the last paragraph should read "In other words, cable R01 would be connected to one of the switchessay switch uplink S1while cable R02 would be connected to the firewall interface facing uplink S1."